In essence, MacOS/X stores root certificates using something called “Keychain”. That is stored at /Network/Library/Keychains.

However, they are stored in a way that OpenSSL will not be able to understand them (it needs PEM).

Something similar happens with Windows OS.

2. How to solve it (workaround)

So the solution is to take the content from /etc/ssl/certs from a Linux machine (raspberry pi will do too), and place that content into /etc/ssl/certs or into a temporal folder pointed by your --capath command.